Skip to main content

Expedition CVE-2018-10143

CRITICAL
Improper Privilege Management (CWE-269)
2018-12-12 psirt@paloaltonetworks.com
9.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Dec 12, 2018 - 00:29 nvd
CRITICAL 9.8

DescriptionNVD

The Palo Alto Networks Expedition Migration tool 1.0.107 and earlier may allow an unauthenticated attacker with remote access to run system level commands on the device hosting this service/application.

AnalysisAI

The Palo Alto Networks Expedition Migration tool 1.0.107 and earlier may allow an unauthenticated attacker with remote access to run system level commands on the device hosting this. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Improper Privilege Management (CWE-269), which allows attackers to escalate privileges to gain unauthorized elevated access. The Palo Alto Networks Expedition Migration tool 1.0.107 and earlier may allow an unauthenticated attacker with remote access to run system level commands on the device hosting this service/application. Affected products include: Paloaltonetworks Expedition.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply principle of least privilege, validate privilege transitions, implement proper role separation.

CVE-2025-0107 HIGH POC
7.7 Jan 11

Palo Alto Networks Expedition contains an unauthenticated OS command injection vulnerability that allows attackers to ex

CVE-2024-5910 CRITICAL POC
9.3 Jul 10

Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account

CVE-2024-9463 CRITICAL POC
9.9 Oct 09

An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitra

CVE-2024-9465 CRITICAL POC
9.2 Oct 09

An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition

CVE-2024-9464 CRITICAL
9.3 Oct 09

An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to run arbitrary

CVE-2019-1571 MEDIUM POC
4.8 Mar 26

The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML

CVE-2019-1570 MEDIUM POC
4.8 Mar 26

The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML

CVE-2019-1569 MEDIUM POC
4.8 Mar 26

The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML

CVE-2024-9466 HIGH
8.2 Oct 09

A cleartext storage of sensitive information vulnerability in Palo Alto Networks Expedition allows an authenticated atta

CVE-2018-10142 HIGH
7.5 Nov 27

The Expedition Migration tool 1.0.106 and earlier may allow an unauthenticated attacker to enumerate files on the operat

CVE-2024-9467 HIGH
7.0 Oct 09

A reflected XSS vulnerability in Palo Alto Networks Expedition enables execution of malicious JavaScript in the context

CVE-2025-0106 MEDIUM
6.9 Jan 11

A wildcard expansion vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to enumerate file

Share

CVE-2018-10143 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy